2 matches found
CVE-2011-10011
WeBid 1.0.2 contains a remote code injection vulnerability in the converter.php script, where unsanitized input in the to parameter of a POST request is written directly into includes/currencies.php. This allows unauthenticated attackers to inject arbitrary PHP code, resulting in persistent remot...
CVE-2011-10011
CVE-2011-10011 affects WeBid 1.0.2. The vulnerability is a remote PHP code injection in converter.php: unsanitized input from the to parameter of a POST request is written to includes/currencies.php, allowing an unauthenticated attacker to inject arbitrary PHP code and achieve persistent remote c...